| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Nov 2022 14:17:59 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>, djwong@...nel.org
Cc: linux-xfs@...r.kernel.org, linux-kernel@...r.kernel.org,
allison.henderson@...cle.com, colin.i.king@...il.com,
guoxuenan@...wei.com, lizetao1@...wei.com, zengheng4@...wei.com
Subject: [GIT PULL] xfs: fixes for 6.1-rc4
Hi Linus,
Please pull this rather large branch with fixes for xfs for 6.1-rc4.
Dave and I had thought that this would be a very quiet cycle, but we
thought wrong.
At first there were the usual trickle of minor bugfixes, but then Zorro
pulled -rc1 and noticed complaints about the stronger memcpy checks
w.r.t. flex arrays. Analyzing how to fix that revealed a bunch of
validation gaps in validating ondisk log items during recovery, and then
a customer hit an infinite loop in the refcounting code on a corrupt
filesystem.
So. This largeish batch of fixes addresses all those problems, I hope.
As usual, I did a test-merge with the main upstream branch as of a few
minutes ago, and didn't see any conflicts. Please let me know if you
encounter any problems.
--D
The following changes since commit 9abf2313adc1ca1b6180c508c25f22f9395cc780:
Linux 6.1-rc1 (2022-10-16 15:36:24 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git tags/xfs-6.1-fixes-4
for you to fetch changes up to 4eb559dd15671cca355a61a4164e8f19e3952637:
Merge tag 'refcount-cow-domain-6.1_2022-10-31' of git://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux into xfs-6.1-fixesA (2022-11-01 09:52:13 -0700)
----------------------------------------------------------------
Bug fixes for 6.1-rc4:
- Fix a UAF bug during log recovery.
- Fix memory leaks when mount fails.
- Detect corrupt bestfree information in a directory block.
- Fix incorrect return value type for the dax page fault handlers.
- Fix fortify complaints about memcpy of xfs log item objects.
- Strengthen inadequate validation of recovered log items.
- Fix incorrectly declared flex array in EFI log item structs.
- Log corrupt log items for debugging purposes.
- Fix infinite loop problems in the refcount code if the refcount btree
node block keys are corrupt.
- Fix infinite loop problems in the refcount code if the refcount btree
records suffer MSB bitflips.
- Add more sanity checking to continued defer ops to prevent overflows
from one AG to the next or off EOFS.
----------------------------------------------------------------
Allison Henderson (1):
xfs: increase rename inode reservation
Colin Ian King (1):
xfs: remove redundant pointer lip
Darrick J. Wong (25):
xfs: avoid a UAF when log intent item recovery fails
xfs: fix incorrect return type for fsdax fault handlers
xfs: fix validation in attr log item recovery
xfs: fix memcpy fortify errors in BUI log format copying
xfs: fix memcpy fortify errors in CUI log format copying
xfs: fix memcpy fortify errors in RUI log format copying
xfs: make sure aglen never goes negative in xfs_refcount_adjust_extents
xfs: fix memcpy fortify errors in EFI log format copying
xfs: create a predicate to verify per-AG extents
xfs: refactor all the EFI/EFD log item sizeof logic
xfs: check deferred refcount op continuation parameters
xfs: actually abort log recovery on corrupt intent-done log items
xfs: move _irec structs to xfs_types.h
xfs: dump corrupt recovered log intent items to dmesg consistently
xfs: refactor refcount record usage in xchk_refcountbt_rec
xfs: track cow/shared record domains explicitly in xfs_refcount_irec
xfs: report refcount domain in tracepoints
xfs: refactor domain and refcount checking
xfs: remove XFS_FIND_RCEXT_SHARED and _COW
xfs: check record domain when accessing refcount records
xfs: fix agblocks check in the cow leftover recovery function
xfs: fix uninitialized list head in struct xfs_refcount_recovery
xfs: rename XFS_REFC_COW_START to _COWFLAG
Merge tag 'fix-log-recovery-misuse-6.1_2022-10-31' of git://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux into xfs-6.1-fixes
Merge tag 'refcount-cow-domain-6.1_2022-10-31' of git://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux into xfs-6.1-fixesA
Guo Xuenan (1):
xfs: fix exception caused by unexpected illegal bestcount in leaf dir
Li Zetao (1):
xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init()
Zeng Heng (1):
xfs: fix memory leak in xfs_errortag_init
fs/xfs/libxfs/xfs_ag.h | 15 ++
fs/xfs/libxfs/xfs_alloc.c | 6 +-
fs/xfs/libxfs/xfs_dir2_leaf.c | 9 +-
fs/xfs/libxfs/xfs_format.h | 22 +--
fs/xfs/libxfs/xfs_log_format.h | 60 +++++++-
fs/xfs/libxfs/xfs_refcount.c | 286 ++++++++++++++++++++++++++-----------
fs/xfs/libxfs/xfs_refcount.h | 40 +++++-
fs/xfs/libxfs/xfs_refcount_btree.c | 15 +-
fs/xfs/libxfs/xfs_rmap.c | 9 +-
fs/xfs/libxfs/xfs_trans_resv.c | 4 +-
fs/xfs/libxfs/xfs_types.h | 30 ++++
fs/xfs/scrub/alloc.c | 4 +-
fs/xfs/scrub/ialloc.c | 5 +-
fs/xfs/scrub/refcount.c | 72 ++++------
fs/xfs/xfs_attr_item.c | 67 +++++----
fs/xfs/xfs_bmap_item.c | 54 +++----
fs/xfs/xfs_error.c | 9 +-
fs/xfs/xfs_extfree_item.c | 94 ++++++------
fs/xfs/xfs_extfree_item.h | 16 +++
fs/xfs/xfs_file.c | 7 +-
fs/xfs/xfs_inode.c | 2 +-
fs/xfs/xfs_log_recover.c | 10 +-
fs/xfs/xfs_ondisk.h | 23 ++-
fs/xfs/xfs_refcount_item.c | 57 ++++----
fs/xfs/xfs_rmap_item.c | 70 ++++-----
fs/xfs/xfs_super.c | 12 +-
fs/xfs/xfs_sysfs.h | 7 +-
fs/xfs/xfs_trace.h | 48 +++++--
fs/xfs/xfs_trans_ail.c | 3 +-
29 files changed, 670 insertions(+), 386 deletions(-)
Powered by blists - more mailing lists